1.5 KiB
1.5 KiB
id | title | challengeType | forumTopicId | dashedName |
---|---|---|---|---|
587d8249367417b2b2512c40 | Configure Helmet Using the ‘parent’ helmet() Middleware | 2 | 301575 | configure-helmet-using-the-parent-helmet-middleware |
--description--
As a reminder, this project is being built upon the following starter project on Replit, or cloned from GitHub.
app.use(helmet())
will automatically include all the middleware introduced above, except noCache()
, and contentSecurityPolicy()
, but these can be enabled if necessary. You can also disable or configure any other middleware individually, using a configuration object.
Example:
app.use(helmet({
frameguard: { // configure
action: 'deny'
},
contentSecurityPolicy: { // enable and configure
directives: {
defaultSrc: ["'self'"],
styleSrc: ['style.com'],
}
},
dnsPrefetchControl: false // disable
}))
We introduced each middleware separately for teaching purposes and for ease of testing. Using the ‘parent’ helmet()
middleware is easy to implement in a real project.
--hints--
no tests - it's a descriptive challenge
assert(true);
--solutions--
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/